From 2a82be115c2a47eab1fed70d8c85a8b2711f13d1 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 26 May 2020 03:05:33 +0530 Subject: add additional test condition for GNS crypto --- src/util/test_crypto_ecdsa.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/util') diff --git a/src/util/test_crypto_ecdsa.c b/src/util/test_crypto_ecdsa.c index cfa236d6d..7908590a8 100644 --- a/src/util/test_crypto_ecdsa.c +++ b/src/util/test_crypto_ecdsa.c @@ -107,6 +107,7 @@ testDeriveSignVerify (void) struct GNUNET_CRYPTO_EcdsaPrivateKey *dpriv; struct GNUNET_CRYPTO_EcdsaPublicKey pkey; struct GNUNET_CRYPTO_EcdsaPublicKey dpub; + struct GNUNET_CRYPTO_EcdsaPublicKey dpub2; dpriv = GNUNET_CRYPTO_ecdsa_private_key_derive (&key, "test-derive", @@ -117,9 +118,17 @@ testDeriveSignVerify (void) "test-derive", "test-CTX", &dpub); + GNUNET_CRYPTO_ecdsa_key_get_public (dpriv, &dpub2); purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)); purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); + if (0 != GNUNET_memcmp (&dpub.q_y, &dpub2.q_y)) + { + fprintf (stderr, "%s", "key derivation failed\n"); + GNUNET_free (dpriv); + return GNUNET_SYSERR; + } + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign_ (dpriv, &purp, -- cgit v1.2.3 From 5a69caa07f3f334a76a61f13d8336608b3c5d5e9 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 26 May 2020 03:23:29 +0530 Subject: replace Christian's FIXME with an explanation --- src/util/crypto_ecc.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'src/util') diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 96d546185..e1608ae55 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -544,10 +544,18 @@ void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk) { BENCHMARK_START (eddsa_key_create); + /* + * We do not clamp for EdDSA, since all functions that use the private key do + * their own clamping (just like in libsodium). What we call "private key" + * here, actually corresponds to the seed in libsodium. + * + * (Contrast this to ECDSA, where functions using the private key can't clamp + * due to properties needed for GNS. That is a worse/unsafer API, but + * required for the GNS constructions to work.) + */ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, pk, sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); - // FIXME: should we not do the clamping here? Or is this done elsewhere? BENCHMARK_END (eddsa_key_create); } -- cgit v1.2.3